Bonjour, J'ai le même problème que les autres. Apparemment ce virus est à la mode. Total security s'est tapé l'incruste sur mon ordi et me propose toutes les 30 sec de l'installer (moyennant finances bien entendu !). J'ai d'autres bugs par ci par là en plus : fond d'écran changé, ordi qui redémarre tout seul,...) Voici le lien vers mon fichier de log : http://cjoint.com/data/jxtezRXHsa.htm Merci pour votre aide. Lorène

Virus total security

Réponse 1 / 10

Narco!4 Messages postés 2385 Date d'inscription dimanche 25 janvier 2009 Statut Contributeur Dernière intervention 25 octobre 2012 467
23 sept. 2009 à 19:24

Bonjour,

télécharge GenProc http://www.genproc.com/GenProc.exe

double-clique sur GenProc.exe et poste le contenu du rapport qui s'ouvre

Réponse 2 / 10

Sonke Messages postés 983 Date d'inscription jeudi 21 mai 2009 Statut Membre Dernière intervention 31 janvier 2014 218
23 sept. 2009 à 19:24

Bonsoir, https://forum.zebulon.fr/topic/166930-r%C3%A9solu-supprimer-virus-total-security/

Réponse 3 / 10

lorene
23 sept. 2009 à 19:31

J'ai déjà téléchargé un truc similaire je pense, c'est RSIT. Voici le lien vers le rapport que ça a produit :
http://cjoint.com/data/jxtezRXHsa.htm

Est-ce que c'est bon pour toi ?
Merci

Réponse 4 / 10

Narco!4 Messages postés 2385 Date d'inscription dimanche 25 janvier 2009 Statut Contributeur Dernière intervention 25 octobre 2012 467
23 sept. 2009 à 19:34

https://forums.commentcamarche.net/forum/affich-14497344-virus-total-security#1

lorene
23 sept. 2009 à 19:38

Quand j'essaie d'ouvrir genproc.exe, il me dit que l'accès à windows script host est désactivé sur ma machine....

Réponse 5 / 10

Narco!4 Messages postés 2385 Date d'inscription dimanche 25 janvier 2009 Statut Contributeur Dernière intervention 25 octobre 2012 467
23 sept. 2009 à 19:40

il me dit que l'accès à windows script host est désactivé sur ma machine....

qui?

lorene
23 sept. 2009 à 19:42

euh pardon, j'ai une fenêtre qui s'ouvre et qui me dit ça, une fois que j'ai téléchargé genproc.exe et que j'ai double cliqué dessus et puis plus rien tout se ferme.

Réponse 6 / 10

Narco!4 Messages postés 2385 Date d'inscription dimanche 25 janvier 2009 Statut Contributeur Dernière intervention 25 octobre 2012 467
23 sept. 2009 à 19:44

[*] Télécharge combofix (sUBs) http://download.bleepingcomputer.com/sUBs/ComboFix.exe sur ton Bureau
[*] Double clique combofix.exe et suis les instructions.
[*] Installe la console de récupération si proposé et continue.
[*] Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

lorene
23 sept. 2009 à 20:13

me revoilà.

ComboFix 09-09-22.03 - Les Amours 23/09/2009 19:55:12.1.2 - NTFSx86
Lancé depuis: C:\Documents and Settings\Les Amours\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\18386254
C:\Documents and Settings\All Users\Application Data\18386254\18386254
C:\Documents and Settings\All Users\Application Data\18386254\18386254.exe
C:\Documents and Settings\All Users\Application Data\18386254\pc18386254ins
C:\Documents and Settings\Les Amours\Application Data\inst.exe
C:\Documents and Settings\Les Amours\Application Data\Microsoft\Clip Organizer\mstore10.mgc
C:\Documents and Settings\Les Amours\Application Data\Microsoft\Clip Organizer\Offic10.MGC
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\LocalService\Application Data\twain_32
C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds
C:\WINDOWS\Installer\5136dcf.msp
C:\WINDOWS\Installer\5f360.msi
C:\WINDOWS\Installer\63fda.msp
C:\WINDOWS\Installer\7a1c8f.msp
C:\WINDOWS\Installer\ad1217.msp
C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\drivers\Sonyhcp.dll
C:\WINDOWS\system32\twain_32
C:\WINDOWS\system32\twain_32\local.ds
C:\WINDOWS\system32\twain_32\user.ds
C:\WINDOWS\system32\twext.exe
C:\WINDOWS\UA000082.DLL

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games

((((((((((((((((((((((((((((( Fichiers créés du 2009-08-23 au 2009-09-23 ))))))))))))))))))))))))))))))))))))
.

2009-09-23 17:25:24 . 2009-09-23 17:40:21 0 d-----w- C:\GenProc
2009-09-23 16:57:57 . 2009-09-23 16:58:40 0 d-----w- C:\Program Files\trend micro
2009-09-23 16:57:50 . 2009-09-23 17:00:05 0 d-----w- C:\rsit
2009-09-09 16:03:10 . 2009-06-21 21:47:52 153088 -c----w- C:\WINDOWS\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 16:10:20 . 2007-01-01 16:30:14 1279456 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2009-08-17 16:06:54 . 2007-01-01 16:30:18 93392 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2009-08-17 16:06:43 . 2007-01-01 16:30:18 94160 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2009-08-17 16:05:52 . 2008-04-17 21:25:16 114768 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2009-08-17 16:05:37 . 2008-04-17 21:25:16 20560 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2009-08-17 16:04:40 . 2007-01-01 16:30:21 51376 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2009-08-17 16:04:29 . 2007-01-01 16:30:21 23152 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2009-08-17 16:03:21 . 2007-01-01 16:30:20 26944 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2009-08-17 16:02:50 . 2007-01-01 16:30:14 97480 ----a-w- C:\WINDOWS\system32\AVASTSS.scr
2009-08-05 09:00:38 . 2006-03-21 07:54:48 205312 ----a-w- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 07:35:53 . 2006-10-22 14:05:20 0 d-----w- C:\Documents and Settings\Les Amours\Application Data\U3
2009-07-29 13:59:28 . 2009-07-29 13:59:28 0 d-----w- C:\Program Files\Inventel
2009-07-17 19:03:33 . 2006-03-21 07:54:30 58880 ----a-w- C:\WINDOWS\system32\atl.dll
2009-07-13 08:08:14 . 2006-03-21 07:55:35 286720 ----a-w- C:\WINDOWS\system32\wmpdxm.dll
2009-07-05 14:02:06 . 2006-10-21 18:23:52 119176 ----a-w- C:\Documents and Settings\Les Amours\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 15:57:48 . 2006-03-21 07:55:02 827392 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-06-29 15:57:46 . 2006-03-21 07:54:41 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-06-29 15:57:45 . 2006-03-21 07:54:32 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08:00 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 02:34:13 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:33:59 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34:32 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-16 14:34:00 7557120]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 23:02:08 761948]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-03-15 17:12:24 1769472]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24:50 118784]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-09-16 23:27:02 52848]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 10:37:40 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 09:41:50 602182]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 13:57:48 282624]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 01:50:42 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41:10 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 16:07:23 81000]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 20:16:38 39792]
"nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2006-02-16 14:34:00 1519616]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - C:\WINDOWS\system32\CHDAudPropShortcut.exe [2005-12-29 12:21:02 61952]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:33:59 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-21 110592]
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Outil de d‚tection de support de Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-11-12 155648]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-21 110592]
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Outil de d‚tection de support de Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-11-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [17/04/2008 23:25:16 114768]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [17/04/2008 23:25:16 20560]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\drivers\x10hid.sys [21/03/2006 11:35:10 7040]
S4 Pcnmgmnipmep;Pcnmgmnipmep; [x]
.
Contenu du dossier 'Tâches planifiées'

2007-12-18 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20:38 . 2007-10-19 10:20:38]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - C:\Documents and Settings\Les Amours\Application Data\Mozilla\Firefox\Profiles\y9aur99i.default\
FF - plugin: C:\Program Files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
HKLM-Run-18386254 - C:\Documents and Settings\All Users\Application Data\18386254\18386254.exe
AddRemove-BSPlayer1 - C:\Program Files\Webteh\BSPlayer\uninstall.exe
AddRemove-Web Hottest Videos Personal Player - C:\PROGRA~1\WEBHOT~1\UNWISE.EXE
AddRemove-{3F267286-1D4C-4F06-86CF-E8DED78ADC90}_is1 - C:\Program Files\BoontyGames\Ancient Spiders Solitaire\unins000.exe

lorene
23 sept. 2009 à 20:25

C'est étrange, on dirait que le virus est parti. Je n'ai plus l'icône dans la barre des taches, plus de message d'alerte, et j'ai retrouvé mon fond d'écran.
Est-ce que c'est possible que Combofix ait réparé le problème ?

Réponse 7 / 10

Narco!4 Messages postés 2385 Date d'inscription dimanche 25 janvier 2009 Statut Contributeur Dernière intervention 25 octobre 2012 467
23 sept. 2009 à 20:23

le rapport est incomplet

lorene
23 sept. 2009 à 20:26

Ah...et qu'est-ce que je dois faire alors ?

Réponse 8 / 10

Narco!4 Messages postés 2385 Date d'inscription dimanche 25 janvier 2009 Statut Contributeur Dernière intervention 25 octobre 2012 467
23 sept. 2009 à 20:27

oui, mais poste le rapport complet

lorene
23 sept. 2009 à 20:29

Je te refait le copier-coller, mais il me semble que j'ai que ça :

ComboFix 09-09-22.03 - Les Amours 23/09/2009 19:55:12.1.2 - NTFSx86
Lancé depuis: C:\Documents and Settings\Les Amours\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\18386254
C:\Documents and Settings\All Users\Application Data\18386254\18386254
C:\Documents and Settings\All Users\Application Data\18386254\18386254.exe
C:\Documents and Settings\All Users\Application Data\18386254\pc18386254ins
C:\Documents and Settings\Les Amours\Application Data\inst.exe
C:\Documents and Settings\Les Amours\Application Data\Microsoft\Clip Organizer\mstore10.mgc
C:\Documents and Settings\Les Amours\Application Data\Microsoft\Clip Organizer\Offic10.MGC
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Les Amours\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\LocalService\Application Data\twain_32
C:\Documents and Settings\LocalService\Application Data\twain_32\user.ds
C:\WINDOWS\Installer\5136dcf.msp
C:\WINDOWS\Installer\5f360.msi
C:\WINDOWS\Installer\63fda.msp
C:\WINDOWS\Installer\7a1c8f.msp
C:\WINDOWS\Installer\ad1217.msp
C:\WINDOWS\kb913800.exe
C:\WINDOWS\system32\drivers\Sonyhcp.dll
C:\WINDOWS\system32\twain_32
C:\WINDOWS\system32\twain_32\local.ds
C:\WINDOWS\system32\twain_32\user.ds
C:\WINDOWS\system32\twext.exe
C:\WINDOWS\UA000082.DLL

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games

((((((((((((((((((((((((((((( Fichiers créés du 2009-08-23 au 2009-09-23 ))))))))))))))))))))))))))))))))))))
.

2009-09-23 17:25:24 . 2009-09-23 17:40:21 0 d-----w- C:\GenProc
2009-09-23 16:57:57 . 2009-09-23 16:58:40 0 d-----w- C:\Program Files\trend micro
2009-09-23 16:57:50 . 2009-09-23 17:00:05 0 d-----w- C:\rsit
2009-09-09 16:03:10 . 2009-06-21 21:47:52 153088 -c----w- C:\WINDOWS\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 16:10:20 . 2007-01-01 16:30:14 1279456 ----a-w- C:\WINDOWS\system32\aswBoot.exe
2009-08-17 16:06:54 . 2007-01-01 16:30:18 93392 ----a-w- C:\WINDOWS\system32\drivers\aswmon.sys
2009-08-17 16:06:43 . 2007-01-01 16:30:18 94160 ----a-w- C:\WINDOWS\system32\drivers\aswmon2.sys
2009-08-17 16:05:52 . 2008-04-17 21:25:16 114768 ----a-w- C:\WINDOWS\system32\drivers\aswSP.sys
2009-08-17 16:05:37 . 2008-04-17 21:25:16 20560 ----a-w- C:\WINDOWS\system32\drivers\aswFsBlk.sys
2009-08-17 16:04:40 . 2007-01-01 16:30:21 51376 ----a-w- C:\WINDOWS\system32\drivers\aswTdi.sys
2009-08-17 16:04:29 . 2007-01-01 16:30:21 23152 ----a-w- C:\WINDOWS\system32\drivers\aswRdr.sys
2009-08-17 16:03:21 . 2007-01-01 16:30:20 26944 ----a-w- C:\WINDOWS\system32\drivers\aavmker4.sys
2009-08-17 16:02:50 . 2007-01-01 16:30:14 97480 ----a-w- C:\WINDOWS\system32\AVASTSS.scr
2009-08-05 09:00:38 . 2006-03-21 07:54:48 205312 ----a-w- C:\WINDOWS\system32\mswebdvd.dll
2009-08-04 07:35:53 . 2006-10-22 14:05:20 0 d-----w- C:\Documents and Settings\Les Amours\Application Data\U3
2009-07-29 13:59:28 . 2009-07-29 13:59:28 0 d-----w- C:\Program Files\Inventel
2009-07-17 19:03:33 . 2006-03-21 07:54:30 58880 ----a-w- C:\WINDOWS\system32\atl.dll
2009-07-13 08:08:14 . 2006-03-21 07:55:35 286720 ----a-w- C:\WINDOWS\system32\wmpdxm.dll
2009-07-05 14:02:06 . 2006-10-21 18:23:52 119176 ----a-w- C:\Documents and Settings\Les Amours\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 15:57:48 . 2006-03-21 07:55:02 827392 ----a-w- C:\WINDOWS\system32\wininet.dll
2009-06-29 15:57:46 . 2006-03-21 07:54:41 78336 ----a-w- C:\WINDOWS\system32\ieencode.dll
2009-06-29 15:57:45 . 2006-03-21 07:54:32 17408 ----a-w- C:\WINDOWS\system32\corpol.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 15:08:00 65536]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 02:34:13 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:33:59 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-05 12:34:32 64512]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-16 14:34:00 7557120]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 23:02:08 761948]
"Toshiba Hotkey Utility"="C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" [2006-03-15 17:12:24 1769472]
"SmoothView"="C:\Program Files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 08:24:50 118784]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-09-16 23:27:02 52848]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 10:37:40 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 09:41:50 602182]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 13:57:48 282624]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 01:50:42 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41:10 49152]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 16:07:23 81000]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 20:16:38 39792]
"nwiz"="nwiz.exe" - C:\WINDOWS\system32\nwiz.exe [2006-02-16 14:34:00 1519616]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - C:\WINDOWS\system32\CHDAudPropShortcut.exe [2005-12-29 12:21:02 61952]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:33:59 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-21 110592]
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Outil de d‚tection de support de Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-11-12 155648]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-21 110592]
D‚marrage rapide de HP Photosmart Premier.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Outil de d‚tection de support de Cyber-shot Viewer.lnk - C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-11-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\backburner\\server.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [17/04/2008 23:25:16 114768]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\drivers\aswFsBlk.sys [17/04/2008 23:25:16 20560]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\drivers\x10hid.sys [21/03/2006 11:35:10 7040]
S4 Pcnmgmnipmep;Pcnmgmnipmep; [x]
.
Contenu du dossier 'Tâches planifiées'

2007-12-18 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20:38 . 2007-10-19 10:20:38]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - C:\Documents and Settings\Les Amours\Application Data\Mozilla\Firefox\Profiles\y9aur99i.default\
FF - plugin: C:\Program Files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: C:\Program Files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Adobe Photo Downloader - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
HKLM-Run-18386254 - C:\Documents and Settings\All Users\Application Data\18386254\18386254.exe
AddRemove-BSPlayer1 - C:\Program Files\Webteh\BSPlayer\uninstall.exe
AddRemove-Web Hottest Videos Personal Player - C:\PROGRA~1\WEBHOT~1\UNWISE.EXE
AddRemove-{3F267286-1D4C-4F06-86CF-E8DED78ADC90}_is1 - C:\Program Files\BoontyGames\Ancient Spiders Solitaire\unins000.exe

Réponse 9 / 10

Narco!4 Messages postés 2385 Date d'inscription dimanche 25 janvier 2009 Statut Contributeur Dernière intervention 25 octobre 2012 467
23 sept. 2009 à 20:28

C:\Combofix.txt

lorene
23 sept. 2009 à 20:30

Ah oui, désolé, il y a des choses qui se sont rajoutées après on dirait :
ComboFix 09-09-22.03 - Les Amours 23/09/2009 19:55.1.2 - NTFSx86
Lancé depuis: c:\documents and settings\Les Amours\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\18386254
c:\documents and settings\All Users\Application Data\18386254\18386254
c:\documents and settings\All Users\Application Data\18386254\18386254.exe
c:\documents and settings\All Users\Application Data\18386254\pc18386254ins
c:\documents and settings\Les Amours\Application Data\inst.exe
c:\documents and settings\Les Amours\Application Data\Microsoft\Clip Organizer\mstore10.mgc
c:\documents and settings\Les Amours\Application Data\Microsoft\Clip Organizer\Offic10.MGC
c:\documents and settings\Les Amours\Application Data\ShoppingReport
c:\documents and settings\Les Amours\Application Data\ShoppingReport\cs\Config.xml
c:\documents and settings\Les Amours\Application Data\ShoppingReport\cs\db\Aliases.dbs
c:\documents and settings\Les Amours\Application Data\ShoppingReport\cs\db\Sites.dbs
c:\documents and settings\Les Amours\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
c:\documents and settings\Les Amours\Application Data\ShoppingReport\cs\report\aggr_storage.xml
c:\documents and settings\Les Amours\Application Data\ShoppingReport\cs\report\send_storage.xml
c:\documents and settings\Les Amours\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
c:\documents and settings\LocalService\Application Data\twain_32
c:\documents and settings\LocalService\Application Data\twain_32\user.ds
c:\windows\Installer\5136dcf.msp
c:\windows\Installer\5f360.msi
c:\windows\Installer\63fda.msp
c:\windows\Installer\7a1c8f.msp
c:\windows\Installer\ad1217.msp
c:\windows\kb913800.exe
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\twain_32
c:\windows\system32\twain_32\local.ds
c:\windows\system32\twain_32\user.ds
c:\windows\system32\twext.exe
c:\windows\UA000082.DLL

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BOONTY_GAMES
-------\Service_Boonty Games

((((((((((((((((((((((((((((( Fichiers créés du 2009-08-23 au 2009-09-23 ))))))))))))))))))))))))))))))))))))
.

2009-09-23 17:25 . 2009-09-23 17:40 -------- d-----w- C:\GenProc
2009-09-23 16:57 . 2009-09-23 16:58 -------- d-----w- c:\program files\trend micro
2009-09-23 16:57 . 2009-09-23 17:00 -------- d-----w- C:\rsit
2009-09-09 16:03 . 2009-06-21 21:47 153088 -c----w- c:\windows\system32\dllcache\triedit.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-17 16:10 . 2007-01-01 16:30 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2007-01-01 16:30 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2007-01-01 16:30 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-17 21:25 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-17 21:25 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2007-01-01 16:30 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2007-01-01 16:30 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2007-01-01 16:30 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2007-01-01 16:30 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-08-05 09:00 . 2006-03-21 07:54 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 07:35 . 2006-10-22 14:05 -------- d-----w- c:\documents and settings\Les Amours\Application Data\U3
2009-07-29 13:59 . 2009-07-29 13:59 -------- d-----w- c:\program files\Inventel
2009-07-17 19:03 . 2006-03-21 07:54 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 08:08 . 2006-03-21 07:55 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-05 14:02 . 2006-10-21 18:23 119176 ----a-w- c:\documents and settings\Les Amours\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-29 15:57 . 2006-03-21 07:55 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2006-03-21 07:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2006-03-21 07:54 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-16 7557120]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-02 761948]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2006-03-15 1769472]
"SmoothView"="c:\program files\TOSHIBA\Utilitaire de zoom TOSHIBA\SmoothView.exe" [2005-05-17 118784]
"ccApp"="c:\program files\Fichiers communs\Symantec Shared\ccApp.exe" [2005-09-16 52848]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-05 667718]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-11-28 602182]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-02-16 1519616]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2005-12-29 61952]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-21 110592]
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Outil de d‚tection de support de Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-11-12 155648]

c:\documents and settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma Loader.lnk - c:\program files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-10-21 110592]
D‚marrage rapide de HP Photosmart Premier.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Outil de d‚tection de support de Cyber-shot Viewer.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2006-11-12 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iView MediaPro3\\IVIEW_MP.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Autodesk\\3dsMax8\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\backburner\\server.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFXFER.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [17/04/2008 23:25 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17/04/2008 23:25 20560]
R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [21/03/2006 11:35 7040]
S4 Pcnmgmnipmep;Pcnmgmnipmep; [x]
.
Contenu du dossier 'Tâches planifiées'

2007-12-18 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 10:20]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://www.google.fr/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
FF - ProfilePath - c:\documents and settings\Les Amours\Application Data\Mozilla\Firefox\Profiles\y9aur99i.default\
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPJPI150_04.dll
FF - plugin: c:\program files\Java\jre1.5.0_04\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
HKLM-Run-18386254 - c:\documents and settings\All Users\Application Data\18386254\18386254.exe
AddRemove-BSPlayer1 - c:\program files\Webteh\BSPlayer\uninstall.exe
AddRemove-Web Hottest Videos Personal Player - c:\progra~1\WEBHOT~1\UNWISE.EXE
AddRemove-{3F267286-1D4C-4F06-86CF-E8DED78ADC90}_is1 - c:\program files\BoontyGames\Ancient Spiders Solitaire\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-23 20:03
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

c:\windows\TEMP\_av_proI.tm~a03064
c:\windows\TEMP\_av_proI.tm~a03064\setup.lok 0 bytes

Scan terminé avec succès
Fichiers cachés: 2

**************************************************************************
.
--------------------- CLES DE REGISTRE BLOQUEES ---------------------

[HKEY_USERS\S-1-5-21-1722875935-1530294410-800833973-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*]
"C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs chargées dans les processus actifs ---------------------

- - - - - - - > 'explorer.exe'(2684)
c:\windows\system32\eappprxy.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Online_TV\tbOnl1.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
.
------------------------ Autres processus actifs ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Fichiers communs\Symantec Shared\ccSetMgr.exe
c:\program files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Fichiers communs\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Fichiers communs\InterVideo\DeviceService\DevSvc.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\windows\system32\DVDRAMSV.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\COMMON~1\X10\Common\X10nets.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Synaptics\SynTP\Toshiba.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\windows\system32\RAMASST.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\progra~1\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\notepad.exe
c:\program files\Mozilla Firefox\firefox.exe
c:\windows\system32\HPZinw12.exe
.
**************************************************************************
.
Heure de fin: 2009-09-23 20:11 - La machine a redémarré
ComboFix-quarantined-files.txt 2009-09-23 18:11

Avant-CF: 61 232 168 960 octets libres
Après-CF: 61 125 033 984 octets libres

WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

250 --- E O F --- 2009-09-12 16:04

lorene
23 sept. 2009 à 20:51

Est-ce que le dernier rapport que je t'ai envoyé est complet ?

Réponse 10 / 10

Narco!4 Messages postés 2385 Date d'inscription dimanche 25 janvier 2009 Statut Contributeur Dernière intervention 25 octobre 2012 467
23 sept. 2009 à 21:04

oui

relance genproc

Virus total security

10 réponses

Discussions similaires